Tomcat 8 Manager戰爭部署上傳通過SSL失敗
[英]Tomcat 8 Manager war deploy upload fails over SSL
問題描述
這是一個很奇怪的問題-我一直在尋找線索,但是卻一無所獲。 在Solaris上運行Tomcat 8 / Java 8。 為SSL配置的NIO連接器。 一切似乎都運行良好,但是現在通過管理器部署war文件在Firefox和Chrome上失敗了。 在舊的仿真節點中使用IE 11似乎仍然可以正常工作。 不同的瀏覽器會提出不同的投訴:FF-安全連接失敗,Chrome-無法訪問此網站。 其他一切似乎都可以正常工作-您可以登錄到管理器,SSL連接看起來配置正確,可以瀏覽到各種管理器頁面,但是文件上傳部署失敗。 我檢查了管理器日志,對該請求的錯誤似乎與bufferCrypt和NativeGCMCipher有關。 (請參見下面的堆棧跟蹤)我嘗試過:-更新到最新的JDK(u92)-Oracle報告了NativeGCMCipher中的緩沖區大小確定問題,該問題已修復-嘗試在連接器中設置較大的緩沖區,即socket.rxBufSize,socket.txBufSize ,和socketBuffer-嘗試切換到BIO連接器(這已在另一台服務器上解決了此問題),但運氣不佳。
如果有人有任何建議,將不勝感激。 我們可以使用IE進行上傳或簡單的副本部署,但是我很警惕,當我們在這些服務器上發布25個應用程序時,這個更大的問題可能會咬我們。
這是管理器日志中的堆棧跟蹤:
07-Jul-2016 13:44:12.597 INFO [http-nio-8086-exec-19] org.apache.catalina.core.ApplicationContext.log HTMLManager: list: Listing contexts for virtual host 'localhost'
07-Jul-2016 13:44:50.623 SEVERE [http-nio-8086-exec-19] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [HTMLManager] in context with path [/manager] threw exception
java.security.ProviderException: Could not determine buffer size
at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:843)
at javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730)
at javax.crypto.Cipher.doFinal(Cipher.java:2460)
at sun.security.ssl.CipherBox.decrypt(CipherBox.java:535)
at sun.security.ssl.EngineInputRecord.decrypt(EngineInputRecord.java:200)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:974)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.apache.tomcat.util.net.SecureNioChannel.read(SecureNioChannel.java:455)
at org.apache.tomcat.util.net.NioBlockingSelector.read(NioBlockingSelector.java:173)
at org.apache.tomcat.util.net.NioSelectorPool.read(NioSelectorPool.java:251)
at org.apache.tomcat.util.net.NioSelectorPool.read(NioSelectorPool.java:232)
at org.apache.coyote.http11.InternalNioInputBuffer.fill(InternalNioInputBuffer.java:133)
at org.apache.coyote.http11.InternalNioInputBuffer$SocketInputBuffer.doRead(InternalNioInputBuffer.java:177)
at org.apache.coyote.http11.filters.IdentityInputFilter.doRead(IdentityInputFilter.java:110)
at org.apache.coyote.http11.AbstractInputBuffer.doRead(AbstractInputBuffer.java:416)
at org.apache.coyote.Request.doRead(Request.java:469)
at org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.java:338)
at org.apache.tomcat.util.buf.ByteChunk.substract(ByteChunk.java:395)
at org.apache.catalina.connector.InputBuffer.read(InputBuffer.java:363)
at org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream.java:190)
at java.io.FilterInputStream.read(FilterInputStream.java:133)
at org.apache.tomcat.util.http.fileupload.util.LimitedInputStream.read(LimitedInputStream.java:132)
at org.apache.tomcat.util.http.fileupload.MultipartStream$ItemInputStream.makeAvailable(MultipartStream.java:946)
at org.apache.tomcat.util.http.fileupload.MultipartStream$ItemInputStream.read(MultipartStream.java:850)
at java.io.InputStream.read(InputStream.java:101)
at org.apache.tomcat.util.http.fileupload.util.Streams.copy(Streams.java:98)
at org.apache.tomcat.util.http.fileupload.util.Streams.copy(Streams.java:68)
at org.apache.tomcat.util.http.fileupload.MultipartStream.readBodyData(MultipartStream.java:539)
at org.apache.tomcat.util.http.fileupload.MultipartStream.discardBodyData(MultipartStream.java:563)
at org.apache.tomcat.util.http.fileupload.MultipartStream.skipPreamble(MultipartStream.java:580)
at org.apache.tomcat.util.http.fileupload.FileUploadBase$FileItemIteratorImpl.findNextItem(FileUploadBase.java:874)
at org.apache.tomcat.util.http.fileupload.FileUploadBase$FileItemIteratorImpl.<init>(FileUploadBase.java:854)
at org.apache.tomcat.util.http.fileupload.FileUploadBase.getItemIterator(FileUploadBase.java:256)
at org.apache.tomcat.util.http.fileupload.FileUploadBase.parseRequest(FileUploadBase.java:280)
at org.apache.catalina.connector.Request.parseParts(Request.java:2730)
at org.apache.catalina.connector.Request.parseParameters(Request.java:3064)
at org.apache.catalina.connector.Request.getParameter(Request.java:1093)
at org.apache.catalina.connector.RequestFacade.getParameter(RequestFacade.java:380)
at org.apache.catalina.filters.CsrfPreventionFilter.doFilter(CsrfPreventionFilter.java:185)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:614)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
at org.apache.catalina.ha.session.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:194)
at org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:318)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:617)
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:676)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1521)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1478)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.crypto.ShortBufferException: Output buffer must be (at least) 12272 bytes long
at com.oracle.security.ucrypto.NativeGCMCipher.engineUpdate(NativeGCMCipher.java:266)
at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:828)
... 67 more
2 個解決方案
解決方案1
0 2016-07-07 21:08:08
文章的最后幾行指的是套接字輸出緩沖區。
tomcat配置頁面顯示為
socketBuffer為套接字輸出緩沖提供的緩沖區大小(以字節為單位)。 可以指定-1以禁用緩沖區的使用。 默認情況下,將使用9000字節的緩沖區。
因此,我想第一步應該是在server.xml中找到您的ssl連接器,並添加socketBuffer =“ 12272”或更大的值。
在ibm的tomcat調整頁面上的tomcat調整中也提到了這一點。
解決方案2
0 2017-03-07 08:59:16
我的系統有同樣的問題。 經過一天的搜索,我發現oracle ucrypto JCE提供程序似乎很內gui。 所以我打開了文件jdk1.8.0_121 / jre / lib / security / java.security並注釋掉了這一行
#security.provider.1=com.oracle.security.ucrypto.UcryptoProvider ${java.home}/lib/security/ucrypto-solaris.cfg
重新啟動后,我的系統運行良好。
.War可以在Windows上部署但無法在Linux服務器上部署(Tomcat 7)
[英].War Works to deploy on Windows but fails to deploy on a Linux server (Tomcat 7)
當戰爭部署在外部Tomcat中時,Springboot端點失敗
[英]Springboot endpoint fails when the war is deploy in an external Tomcat
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.